diff --git a/docker/server/entrypoint.sh b/docker/server/entrypoint.sh index f1927fd32b0..996e58d09ad 100755 --- a/docker/server/entrypoint.sh +++ b/docker/server/entrypoint.sh @@ -90,14 +90,16 @@ if [ -n "$CLICKHOUSE_USER" ] && [ "$CLICKHOUSE_USER" != "default" ] || [ -n "$CL EOT fi +# Drop privileges +CLICKHOUSE_SETUID="${USER}" +CLICKHOUSE_SETGID="${GROUP}" +export CLICKHOUSE_SETUID +export CLICKHOUSE_SETGID + if [ -n "$(ls /docker-entrypoint-initdb.d/)" ] || [ -n "$CLICKHOUSE_DB" ]; then # port is needed to check if clickhouse-server is ready for connections HTTP_PORT="$(clickhouse extract-from-config --config-file "$CLICKHOUSE_CONFIG" --key=http_port)" - # Drop privileges - export CLICKHOUSE_SETUID="${USER}" - export CLICKHOUSE_SETGID="${GROUP}" - # Listen only on localhost until the initialization is done /usr/bin/clickhouse-server --config-file="$CLICKHOUSE_CONFIG" -- --listen_host=127.0.0.1 & pid="$!" @@ -155,7 +157,7 @@ if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then # so the container can't be finished by ctrl+c CLICKHOUSE_WATCHDOG_ENABLE=${CLICKHOUSE_WATCHDOG_ENABLE:-0} export CLICKHOUSE_WATCHDOG_ENABLE - exec $gosu /usr/bin/clickhouse-server --config-file="$CLICKHOUSE_CONFIG" "$@" + /usr/bin/clickhouse-server --config-file="$CLICKHOUSE_CONFIG" "$@" fi # Otherwise, we assume the user want to run his own process, for example a `bash` shell to explore this image